Learning Pentesting for Android Devices Table of Contents Learning Pentesting for Android Devices Credits Foreword About the Author Acknowledgments About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why subscribe? Free access for Packt account holders Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Downloading the color images of the book Errata Piracy Questions 1. Getting Started with Android Security Introduction to Android Digging deeper into Android Sandboxing and the permission model Application signing Android startup process Summary 2. Preparing the Battlefield Setting up the development environment Creating an Android virtual device Useful utilities for Android Pentest Android Debug Bridge Burp Suite APKTool Summary 3. Reversing and Auditing Android Apps Android application teardown Reversing an Android application Using Apktool to reverse an Android application Auditing Android applications Content provider leakage Insecure file storage Path traversal vulnerability or local file inclusion Client-side injection attacks OWASP top 10 vulnerabilities for mobiles Summary 4. Traffic Analysis for Android Devices Android traffic interception Ways to analyze Android traffic Passive analysis Active analysis HTTPS Proxy interception Other ways to intercept SSL traffic Extracting sensitive files with packet capture Summary 5. Android Forensics Types of forensics Filesystems Android filesystem partitions Using dd to extract data Using a custom recovery image Using Andriller to extract an application's data Using AFLogical to extract contacts, calls, and text messages Dumping application databases manually Logging the logcat Using backup to extract an application's data Summary 6. Playing with SQLite Understanding SQLite in depth Analyzing a simple application using SQLite Security vulnerability Summary 7. Lesser-known Android Attacks Android WebView vulnerability Using WebView in the application Identifying the vulnerability Infecting legitimate APKs Vulnerabilities in ad libraries Cross-Application Scripting in Android Summary 8. ARM Exploitation Introduction to ARM architecture Execution modes Setting up the environment Simple stack-based buffer overflow Return-oriented programming Android root exploits Summary 9. Writing the Pentest Report Basics of a penetration testing report Writing the pentest report Executive summary Vulnerabilities Scope of the work Tools used Testing methodologies followed Recommendations Conclusion Appendix Summary Security Audit of Attify's Vulnerable App Table of Contents 1. Introduction 1.1 Executive Summary 1.2 Scope of the Work 1.3 Summary of Vulnerabilities 2. Auditing and Methodology 2.1 Tools Used 2.2 Vulnerabilities Issue #1: Injection vulnerabilities in the Android application Issue #2: Vulnerability in the WebView component Issue #3: No/Weak encryption Issue #4: Vulnerable content providers 3. Conclusions 3.1 Conclusions 3.2 Recommendations Index Learning Pentesting for Android Devices Learning Pentesting for Android Devices Copyright © 2014 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: March 2014 Production Reference: 1190314 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78328-898-4 www.packtpub.com Cover Image by Michal Jasej (<[email protected]>) Credits Author Aditya Gupta Reviewers Seyton Bradford Rui Gonçalo Glauco Márdano Elad Shapira Acquisition Editors Nikhil Chinnari Kartikey Pandey Content Development Editor Priya Singh Technical Editors Manan Badani Shashank Desai Akashdeep Kundu Copy Editors Sayanee Mukherjee Karuna Narayanan Alfida Paiva Laxmi Subramanian Project Coordinator Jomin Varghese Proofreaders Maria Gould Ameesha Green Paul Hindle Indexer Hemangini Bari Graphics Sheetal Aute Yuvraj Mannari Production Coordinator Kyle Albuquerque Cover Work Kyle Albuquerque